Logging with Unencrypted DNS, DoT and DoH

[John W. Blue]

Ralph,

You already may be aware of the BIND webinar's put on by ISC and presented by Carsten:

https://www.isc.org/docs/BIND_9webinar2.pdf
https://www.youtube.com/watch?v=7Uu6XvY68SM

If not, spend some time watching the video and would like to point out that slide 12 lists several COTS vendors that are able to consume the named.stats output.

John


From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Bischof, Ralph F. (MSFC-IS64)[AEGIS] via bind-users
Sent: Tuesday, September 17, 2024 3:40 PM
To: bind-users at lists.isc.org
Subject: Logging with Unencrypted DNS, DoT and DoH

Hello,

BIND 9.18.7
RHEL 8.10 (Oopta)

I am being asked if it is possible to differentiate the percentage of queries coming into a server that are unencrypted, DoT and DoH.
Example: For a given 24 hours, 50% were 53, 25% were 853 and 25% were 443.
I cannot find a difference in the query logs to show how the query came into the server. My only thought at the moment is to run 'tcpdump' on all of the servers and script something.
Is there some way that I just have not found within BIND?
My apologies if this has been asked previously.

Thank you,
Ralph F. Bischof, Jr. | Leidos
DDI Service Architect
Digital Modernization Sector

Ralph.Bischof at nasa.gov<mailto:Ralph.Bischof at nasa.gov> | www.leidos.com<https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.leidos.com%2F&data=05%7C02%7Cralph.bischof%40nasa.gov%7Cffe474bf7c714c8a913b08dc4cd7972f%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C638469736078828844%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=TZSJjHnaQPPBBZUTk8LGL0RNQjcuxrhzmmxzDNuy7q0%3D&reserved=0>
+1 (256) 682-9145 M



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240917/f63844c3/attachment.htm>